BAYESIAN REASONING FOR AUTOMATIC SECURITY MEDIATION PLACEMENT

Open Access
Author:
Zhang, Zichao
Area of Honors:
Computer Engineering
Degree:
Bachelor of Science
Document Type:
Thesis
Thesis Supervisors:
  • Danfeng Zhang, Thesis Supervisor
  • John Morgan Sampson, Honors Advisor
Keywords:
  • Error diagnosis
  • static program analysis
  • information flow
Abstract:
We present a framework for automatic security mediation placement. Security-typed languages use type systems that tag data with security labels to enforce information-flow control and to check that a program complies with its security policy. However, the security requirements on a piece of data often change as it moves through a program, and such changes must be expressed with explicit mediation statements that the type system cannot infer on its own. Placing these statements manually requires programmers to examine large amounts of code and make careful decisions, which is difficult and error-prone. In this thesis, we address this problem by first formalizing mediation placement as constraint solving, then reducing constraint solving to a graph reachability problem. We analyze both satisfiable and unsatisfiable constraint paths in the resulting graphs and apply Bayesian principles to rank a set of suggested mediation points. Our framework is implemented as an extension of SHErrLoc, an error diagnosis tool for security-typed languages. Initial results are promising.
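To make the pipeline in the abstract concrete, the following is an added toy example (written for this page, not code from the thesis or from SHErrLoc). It assumes a two-point lattice where public L flows to secret H but not the reverse, encodes a small constructed program as flow constraints "src <= dst", enumerates simple paths between the lattice constants in the constraint graph, and classifies each path as satisfiable or unsatisfiable (only H reaching L violates the lattice). Candidate mediation points are then the minimal sets of constraints that cut every unsatisfiable path, and they are ranked by an assumed Bayesian-style score: a prior P_MEDIATE per mediated constraint multiplied by a penalty P_KEEP_SAT for each satisfiable path the mediation would disturb, normalized into a posterior. The scoring rule, the parameter values and the sample program are all assumptions for illustration; the thesis's actual model is not reproduced here.

```python
"""Toy constraint-graph mediation ranking (illustration, not the thesis's code)."""
from collections import defaultdict
from itertools import combinations

# Two-point security lattice: L (public) may flow to H (secret), never H to L.
BOTTOM, TOP = "L", "H"

# Assumed scoring parameters (not from the thesis):
P_MEDIATE = 0.1   # prior that any single constraint is a correct mediation point
P_KEEP_SAT = 0.5  # penalty per satisfiable (legitimate) path a mediation disturbs
MAX_CUT = 2       # largest explanation (set of mediated constraints) considered

# Constructed sample program, written as flow constraints (src, dst) meaning src <= dst.
CONSTRAINTS = [
    ("H", "secret"),        # secret : H      (secret input)
    ("secret", "x"),        # x := secret
    ("x", "y"),             # y := x + 1
    ("x", "hash"),          # hash := f(x)
    ("y", "pub"),           # pub := y
    ("pub", "L"),           # out(pub)        public sink
    ("hash", "L"),          # log(hash)       public sink
    ("secret", "vault"),    # vault := secret
    ("vault", "H"),         # store(vault)    secret sink
    ("L", "z"),             # z := 0
    ("z", "w"),             # w := z
    ("w", "H"),             # store(w)        secret sink
]


def build_graph(constraints):
    """Adjacency list of the constraint graph: one edge per constraint src <= dst."""
    succ = defaultdict(list)
    for src, dst in constraints:
        succ[src].append(dst)
    return succ


def constant_paths(constraints):
    """Enumerate simple paths from a lattice constant to a lattice constant.

    Returns (satisfiable, unsatisfiable); each path is a list of edges.
    In the two-point lattice only a path from H to L is unsatisfiable.
    """
    succ = build_graph(constraints)
    sat, unsat = [], []

    def dfs(node, edges, seen):
        for nxt in succ[node]:
            edge = (node, nxt)
            if nxt in (BOTTOM, TOP):
                path = edges + [edge]
                start = path[0][0]
                violates = start == TOP and nxt == BOTTOM
                (unsat if violates else sat).append(path)
            elif nxt not in seen:
                dfs(nxt, edges + [edge], seen | {nxt})

    for start in (BOTTOM, TOP):
        dfs(start, [], {start})
    return sat, unsat


def rank_mediation_points(constraints, max_cut=MAX_CUT):
    """Rank minimal sets of constraints whose mediation removes every violation.

    Returns a list of (sorted edge list, posterior) in descending posterior order.
    """
    sat, unsat = constant_paths(constraints)
    # Only constraints lying on some unsatisfiable path can explain a violation.
    candidates = sorted({e for p in unsat for e in p})
    unsat_sets = [set(p) for p in unsat]
    sat_sets = [set(p) for p in sat]

    cuts = []
    for size in range(1, max_cut + 1):
        for combo in combinations(candidates, size):
            chosen = set(combo)
            if any(not (chosen & u) for u in unsat_sets):
                continue  # leaves some violating path unmediated
            if any(c <= chosen for c, _ in cuts):
                continue  # not minimal: a smaller cut already suffices
            disturbed = sum(1 for s in sat_sets if chosen & s)
            score = (P_MEDIATE ** size) * (P_KEEP_SAT ** disturbed)
            cuts.append((chosen, score))

    total = sum(s for _, s in cuts)
    ranked = [(sorted(c), s / total) for c, s in cuts]
    ranked.sort(key=lambda cs: -cs[1])
    return ranked


if __name__ == "__main__":
    for edges, posterior in rank_mediation_points(CONSTRAINTS):
        print(f"{posterior:.3f}  mediate at {edges}")
```

On the sample program, the single constraint secret <= x cuts both secret-to-public paths and touches no legitimate flow, so it ranks first; H <= secret also cuts both but would disturb the legitimate secret-to-vault path, so it ranks second; the six two-constraint cuts downstream of x rank last because they mediate more places than necessary.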